Arun Marballi

Terrorism and airline security have dominated the news lately because of the timely uncovering of the plot to carry and detonate liquid explosives onto U.S.-bound trans-Atlantic airliners. When I hear of all these events unfolding I feel uneasy about how unprepared we are and how devastating a coordinated attack on our electronic frontier would be if it were to come about.

I do believe the same thought must have gone through the minds of the folks in the Department of Homeland Security because fewer than 24 hours after Microsoft issued security fixes for 23 serious vulnerabilities in the Windows Operating System, they came out with a firm notice to all Windows Users: �Immediately apply the patches in the MS06-040 bulletin.� The DHS further said, �This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.�

Now, when the DHS starts getting into the act and exhorts users of Windows-based computers to keep their computers protected, something that I have time and again implored in this column, things must be getting REALLY SERIOUS!

In the corporate world, cyber security has indeed evolved into an important function in the last five years and most Fortune 500 corporations today have independent network security and management departments that control and lock down all access to the corporate network.

They are suitably strengthened by effective corporate security policies that mandate appropriate usage of company network resources by the company employees and those that the company authorizes to use its network. In fact one of the most basic restrictions imposed by most corporate networks is that normal users of the network are not given administrator privileges and hence cannot install new programs or make changes to the configuration; and they have access to only those resources that they need for performing their jobs.

Now, with the advent of Windows XP, it is possible for us to set up similar restrictions on our home computers as well. In the XP world, the first user that is set up �out of the box� will always be the �Administrator� and have the administrator rights on the computer. However, the Administrator user ID does not come with a password. In other words, the barn door is wide open and anyone can access and change the computer�s configuration by signing on as Administrator. So, the first order of action is to set up at least one user on the computer as a �regular user� (not having administrator privileges on the computer) and the second order of business is to set up password for the Administrator user.

The actual number of non-Administrator users that you need to set up will depend on how much file sharing you expect to do. Set up only one user if all family members will share the files; or if files are not to be shared, set up a separate user ID for each family member that will use the computer.

Wireless networking has now become ubiquitous and I daresay convenient even if you do not use your own network. In fact, it is easy to piggyback on a neighbor�s wireless network to access the Internet with total impunity. However, when you piggyback on your neighbor�s network or use a public Wi-Fi network, there is a price to be paid in the form of loss of privacy because all of your Internet travels are then visible in plain English to anyone who cares to look.

Six out of ten home users now have secure wireless networks � that is the finding of a poll conducted by JupiterResearch a firm based in New York. This is indeed heartening because it indicates an increasing security consciousness. The enabler for the increased use of secure Wi-Fi access is the inclusion of WPA (Wi-Fi Protected Access) in virtually all consumer-grade wireless access cards and routers and the fact that the WPA standard includes an easier setup process more suitable for consumers.

In a secure wireless network, all data interchanged between the computer and the wireless router are encrypted and password protected, thereby excluding hitchhikers and eliminating eavesdropping.

Financial and bank-related data are perhaps the most sensitive information that most users of computers and online banking systems are concerned about in the context of identity theft. It is therefore no surprise that most banks and financial institutions are frustrated in their efforts to encourage more of their customers to embrace online banking and services.

Consequently, it appears that many security software vendors are now attempting to partner with these banks and financial organizations to offer security tools such as anti-virus and anti-spy software. While I commend this effort by the financial institutions to increase the use of security software; as I have stated in the past, it is not sufficient to install these tools on our computers.

It is equally important that the tools be kept updated on a regular basis. Now, reminding all users to be diligent and stay on top of updates � that is something that the financial institutions can do very effectively.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home